<?php
 /**     
  *
  * Copyright (c) 2009, Persistent Systems Limited
  *
  * Redistribution and use, with or without modification, are permitted 
  *  provided that the following  conditions are met:
  *   - Redistributions of source code must retain the above copyright notice, 
  *     this list of conditions and the following disclaimer.
  *   - Neither the name of Persistent Systems Limited nor the names of its contributors 
  *     may be used to endorse or promote products derived from this software 
  *     without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 
  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 
  * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
/**
 *  For ACS constants
 */ 
require_once 'ACS/ACSConstants.php';

/**
 *  For set/get Scope properties
 */ 
require_once 'ACS/Scope.php';

/**
 *  For set/get web proxy details
 */ 
require_once 'util/HttpWebProxy.php';

/**
 *  For set/get Authentication properties
 */
require_once 'ACS/Authentication.php';

/**
 *  For getting Audit Log related properties and Methods
 */ 
require_once 'util/LoggerClass.php';

/**
 * Class SimpleApiAuthService For getting SimpleApiAuthService Token
 * @access public
 */
class SimpleApiAuthService extends Authentication
{
    /**
     * Sets the member variables
     * @param string $acmHostName It is the ACM host name
     * @param string $serviceName It is the service name.
     */    
    public function __construct($acmHostName, $serviceName)
    {
         parent::__construct($acmHostName, $serviceName);         
    }
    
    /**
     * It returns the POST Data in the form of query string
     * @return string
     */
    private function getPOSTData()
    {    
        $scope = $this->getScope();
        $postData = WRAP_NAME . '=' . urlencode( $scope->getIssuerName()) .         
            '&' . WRAP_PASSWORD . '=' .  urlencode($scope->getIssuerSecret()) . 
            '&' . WRAP_APPLIES_TO . '=' . $scope->getAppliesTo();
        
        // Add custom input claims (if any)
        $customClaims = $scope->getCustomInputClaims();
        if (!empty($customClaims))
        {
            foreach ($customClaims  as $key => $value)
            {
                $postData  = $postData . '&' . $key . '=' . $value;
            }
        }
        
        return $postData;
    }
  

    /**
     * Sets the scope object
     * @return string Returns the ACS token
     */
    public function getACSToken() 
    {
        $url = 'https://' . $this->getServiceName() . '.' . 
            $this->getAcmHostName() .  '/' . WRAP_PROTOCOL_VERSION;

        //create an object to facilate curl transfer @see CurlRequest
        $curlRequest = new CurlRequest($url);
        
        $httpWebProxy = $this->getHttpWebProxy();

        if (isset($httpWebProxy))
        {
            //set the proxy credentials for curl request
            $curlRequest->setHttpWebProxy($httpWebProxy);
        }

        // http method for creating message buffer is PUT
        $curlRequest->httpVerb = POST_METHOD;
         
        //set the messsage buffer policy
        $curlRequest->postFields= $this->getPOSTData();         

        //set the auth headers to curl transfer 
        $curlRequest->httpHeaders = Array('Content-Type' => 'application/x-www-form-urlencoded');
        
        try
        {
            //process the curl transfer
            $token = $curlRequest->process();

            //Do Audit logging if set to true
            if (LoggerClass::$doAuditLog)
            {
                $requestInfo = $curlRequest->getInfo();
                LoggerClass::writeLogEntry(REQUEST_TO_ACS . '-' . GET_ACS_TOKEN, $requestInfo);
                LoggerClass::writeLogEntry(RESPONSE_FROM_ACS . '-' . GET_ACS_TOKEN, urlencode($token));
            }
            if ($curlRequest->getErrorNo())
            {
                $errorMessage =  'Curl error: ' . $curlRequest->getErrorNo();
                // Close connection
                throw new Exception($errorMessage);
            }
        }
        catch(Exception $e)
        {
            throw ($e);
        }
        
        if (strpos($token, 'Error') !== false) 
        {
            throw new Exception($token);
        }

        $params = explode('&', $token);
        foreach ($params as $param)
        {
            if (strpos($param, WRAP_ACCESS_TOKEN) === 0)
            {
                $parts = explode('=', $param);
                return $parts[1];
            }
            else
            {
                throw new Exception('Invalid token recieved');
            }
        }
        
        return null;
    }
}
?>
